Abstract

Critical infrastructure assets are monitored and managed by industrial control systems. In recent years, these systems have evolved to adopt common networking standards that expose them to cyber attacks. Since programmable logic controllers are core components of industrial control systems, forensic examinations of these devices are vital during responses to security incidents. However, programmable logic controller forensics is a challenging task because of the lack of effective logging systems.

Highlights

  • Critical infrastructure assets such as electricity generation plants, transportation systems and manufacturing facilities are monitored and controlled by industrial control systems [4]

  • The decision to focus on a Siemens Simatic S7 programmable logic controller was motivated by the widespread use of these controllers around the world [1] and by the fact that they were successfully targeted by the Stuxnet malware

  • Four common programmable logic controller requests, central processing unit (CPU) START, CPU STOP, READ and WRITE, were identified by packet analysis using Wireshark with the S7 dissector plugin
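The classification step behind the third highlight, as an added example that is not code from the paper: a small Python parser that walks the TPKT, COTP and S7comm headers of one captured frame, recognises the four audited request types by their S7 parameter function code (0x04 Read Var, 0x05 Write Var, 0x28 PLC Control, 0x29 PLC Stop, the same codes Wireshark's s7comm dissector labels), decodes the addressed memory area or the PI service name, and turns the result into an audit log line. The byte layouts follow the classic S7comm format (protocol ID 0x32); the sample frames are constructed inline with the `s7_job` helper, not captured traffic, and `DB1 byte 0` is an arbitrary address chosen for the demo.

```python
"""Classify S7comm Job PDUs into CPU START / CPU STOP / READ / WRITE audit records.

Added example for this page (not the paper's code). Layouts follow the classic
S7comm protocol as decoded by Wireshark's s7comm dissector; sample frames below
are constructed, not captured.
"""
import struct
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

S7_FUNCTIONS = {0x04: "READ", 0x05: "WRITE", 0x28: "CPU START", 0x29: "CPU STOP"}
AREAS = {0x81: "I", 0x82: "Q", 0x83: "M", 0x84: "DB"}
BIT_SIZED = {0x03, 0x04, 0x05, 0x06}   # transport sizes whose data length is in bits
COTP_DATA = bytes.fromhex("02f080")     # COTP Data TPDU: length 2, type 0xF0, EOT


@dataclass
class S7Request:
    pdu_ref: int
    function: str
    detail: str


def _var_items(param: bytes) -> List[str]:
    """Decode the 12-byte address items of a Read/Write Var parameter block."""
    items, off = [], 2                                   # byte 0 = function, byte 1 = item count
    for _ in range(param[1]):
        spec, ilen, syntax, _tsize, length, db, area = struct.unpack(">BBBBHHB", param[off:off + 9])
        if (spec, ilen, syntax) != (0x12, 0x0A, 0x10):   # only the "any" address syntax is handled
            raise ValueError("unsupported item syntax")
        addr = int.from_bytes(param[off + 9:off + 12], "big")  # 3-byte bit address
        area_name = f"DB{db}" if area == 0x84 else AREAS.get(area, f"area{area:02x}")
        items.append(f"{area_name} byte {addr >> 3} bit {addr & 7} len={length}")
        off += 12
    return items


def _write_values(data: bytes, count: int) -> List[str]:
    """Decode the data items of a Write Var request (values the master pushed to the PLC)."""
    values, off = [], 0
    for _ in range(count):
        _ret, tsize, length = struct.unpack(">BBH", data[off:off + 4])
        nbytes = (length + 7) // 8 if tsize in BIT_SIZED else length
        values.append(data[off + 4:off + 4 + nbytes].hex())
        off += 4 + nbytes + (nbytes & 1)                 # odd-length items are padded to even
    return values


def parse_s7_request(frame: bytes) -> Optional[S7Request]:
    """Return the audited request carried by one TPKT frame, or None if there is none."""
    if len(frame) < 7 or frame[0] != 0x03:
        return None
    if struct.unpack(">H", frame[2:4])[0] != len(frame):
        return None                                      # truncated/padded frame: do not guess
    cotp_len = frame[4]
    if frame[5] != 0xF0:                                 # only COTP Data TPDUs carry S7comm
        return None
    s7 = frame[5 + cotp_len:]
    if len(s7) < 10 or s7[0] != 0x32:
        return None
    rosctr, _res, pdu_ref, param_len, data_len = struct.unpack(">BHHHH", s7[1:10])
    if rosctr != 0x01:                                   # 0x01 = Job; replies (Ack_Data) are not logged here
        return None
    param = s7[10:10 + param_len]
    data = s7[10 + param_len:10 + param_len + data_len]
    if len(param) != param_len or len(data) != data_len:
        return None
    func = S7_FUNCTIONS.get(param[0])
    if func is None:                                     # e.g. 0xF0 Setup Communication
        return None
    if func == "READ":
        detail = "; ".join(_var_items(param))
    elif func == "WRITE":
        pairs = zip(_var_items(param), _write_values(data, param[1]))
        detail = "; ".join(f"{item} value=0x{val}" for item, val in pairs)
    elif func == "CPU START":                            # 0x28: 7 fixed bytes, block length, block, name
        blen = struct.unpack(">H", param[8:10])[0]
        nlen = param[10 + blen]
        detail = param[11 + blen:11 + blen + nlen].decode("ascii")
    else:                                                # CPU STOP (0x29): 5 fixed bytes, name
        nlen = param[6]
        detail = param[7:7 + nlen].decode("ascii")
    return S7Request(pdu_ref, func, detail)


def audit_record(ts: datetime, src: str, dst: str, req: S7Request) -> str:
    return f"{ts.isoformat()} {src} -> {dst} ref={req.pdu_ref} {req.function}: {req.detail}"


def s7_job(pdu_ref: int, param: bytes, data: bytes = b"") -> bytes:
    """Build a TPKT/COTP/S7comm Job frame; used only to construct the sample traffic."""
    hdr = struct.pack(">BBHHHH", 0x32, 0x01, 0, pdu_ref, len(param), len(data))
    payload = COTP_DATA + hdr + param + data
    return struct.pack(">BBH", 3, 0, 4 + len(payload)) + payload


# Constructed samples: DB1 byte 0, 1 byte, read and written (0xff); PLC start/stop of P_PROGRAM.
SAMPLE_FRAMES = {
    "read":  s7_job(1, bytes.fromhex("0401120a10020001000184000000")),
    "write": s7_job(2, bytes.fromhex("0501120a10020001000184000000"), bytes.fromhex("00040008ff")),
    "start": s7_job(3, bytes.fromhex("28000000000000fd000009") + b"P_PROGRAM"),
    "stop":  s7_job(4, bytes.fromhex("29000000000009") + b"P_PROGRAM"),
}

if __name__ == "__main__":
    now = datetime(2018, 1, 3, 12, 0, tzinfo=timezone.utc)     # constructed timestamp
    for frame in SAMPLE_FRAMES.values():
        req = parse_s7_request(frame)
        if req:
            print(audit_record(now, "192.0.2.10", "192.0.2.20", req))
```

The parser deliberately returns `None` for anything it cannot account for exactly (length mismatch, non-Job PDU, unknown function) rather than guessing, so a malformed or unusual frame shows up as a gap in the log instead of a wrong entry. It covers the classic S7comm carried by S7-300/400 controllers only; newer S7-1200/1500 CPUs use the different S7CommPlus protocol, and a capture-based log of this kind records only what traverses the monitored network segment.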


Summary

A Forensic Logging System for Siemens Programmable Logic Controllers

To cite this version: Ken Yau, Kam-Pui Chow, Siu-Ming Yiu. A Forensic Logging System for Siemens Programmable Logic Controllers. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp. 331-349. DOI: 10.1007/978-3-319-99277-8_18. HAL id: hal-01988850.

Introduction
Related Work
PLC Architecture and Programming
Proposed Logging System
S7 Communications Protocol
Creating Audit Log Records
Traffic Light Control System
Liquid Mixing Control System
Experimental Results and Discussion
Conclusions
